After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 361891 - Add "alternative port" and "local only" preferences to dialog ?
Add "alternative port" and "local only" preferences to dialog ?
Product: vino
Classification: Applications
Component: Preferences Dialog
Other Linux
: Normal normal
: ---
Assigned To: Vino Maintainer(s)
Vino Maintainer(s)
Depends on:
Reported: 2006-10-13 08:59 UTC by Mark McLoughlin
Modified: 2009-11-10 07:03 UTC
See Also:
GNOME target: ---
GNOME version: ---

Description Mark McLoughlin 2006-10-13 08:59:19 UTC
We've added these preferences in bug #156242 and #333752:


    If true, the server will only accept connections from
    localhost and network connections will be rejected.

    Set this option to true if you wish to exclusively use
    a tunneling mechanism to access the server, such as ssh.


    If true, the server will listen another port, instead of
    default (5900). The port must be specified in 'alternative_port'


     The port which the server will listen to if the
     'use_alternative_port' key is set to true.
     Valid values are in the range from 5000 to 50000.

First question is whether we should add these to the preferences dialog at all?

If we do, perhaps add a new "Advanced" section:


    [ ] Only allow other users from this computer to view or control your 

    [ ] Listen for connections on port: ________

Wording is more than a bit lame.

Any ideas Calum?
Comment 1 Calum Benson 2006-10-24 17:39:38 UTC
I personally don't think I'd be too upset if these options didn't make it into the dialog :)  

Of the two, I think the "local users only" option sounds like a slightly more likely candidate for inclusion; one option might just be to replace:

       [x] Allow other users to control your desktop

with something like:

       [x] Restrict to users on this computer only
       [x] Allow viewing users to control your desktop

The port option is a bit trickier to work in nicely; it's a bit grotty to have either an "Advanced" disclosure triangle or a "Change Port.." button to access just one control.  You could maybe just turn the "5900" part of the current hyperlink into a spin box:
        Users can view your desktop using this command:
        vncviewer ziggy.ireland:[5900 ]±

but I'm not sure how obvious that would be to use, in practice...
Comment 2 Calum Benson 2006-10-27 17:08:40 UTC
D'oh, of course the latter idea is nonsense, because the hyperlink button is showing the display number, not the port.  Another reason to leave it out of the prefs dialog for now I think :)
Comment 3 Mark McLoughlin 2006-10-27 17:11:12 UTC
Sounds reasonable to me. Thanks
Comment 4 Jonh Wendell 2007-04-25 14:21:53 UTC
Reopening this one for more discussion. A lot of people ask me why are these features hidden.
Comment 5 Albert Santoni 2007-04-25 15:07:30 UTC
I'm just a lowly user, but I'd like to throw my thoughts in here:

Yeah, it be nice if Vino had these tucked away in the preferences screen, maybe have one of those arrow things beside the word "Advanced", which then expands to show the other two options when it's clicked.
(For an example of what I'm talking about, see the "Keyboard" preferences dialog in Gnome. Look at the "Layout Options" tab...)
Comment 6 Thomas Lunde 2007-04-25 16:27:17 UTC
My USD $0.02:

+1 for Calum Benson's first idea in Comment #1, except that the two new options should be reversed, like so:

Just replace:

       [x] Allow other users to control your desktop

with something like:

       [x] Allow viewing users to control your desktop
       [x] Restrict to users on this computer only
Comment 7 deubeulyou 2007-04-25 17:16:39 UTC
More small cents !

This type of discussion is coming back pretty often (I remember for instance Linus's metacity patches); that just prompted me about a possible general solution when things are not too clear: couldn't we include a "More advanced options" links, that would simply open gconf-editor (with the right conf subtree focused) ?

I'm pretty sure gconf-editor is not going to scare admins or even moderately advanced users... The fact that each key is documented is also a great plus.

Additionally, it can be hard to know where to look ("remote desktop" in menu -> "vino" -> "remote_access" in gconf); putting a link would help solve that problem too.
Comment 8 Martijn Vernooij 2007-04-25 21:26:29 UTC
The label proposed for local_only makes no sense. There is no point in allowing local users to use this computer. In my opinion, if you want to expose it, the label should be something like:

'Require authentication to a local account before allowing connection' or 
'Only allow connections secured by another protocol already' or something

I don't really know how much the vnc protocol has evolved, but if there still is no security beyond a hashed password exchange, the default should be local connections only anyway, and this option may be superfluous. Are there any platforms left where it's hard to set up vnc over ssh (the client side, that is)?
Comment 9 Benoît Dejean 2007-04-25 23:19:23 UTC
About /desktop/gnome/remote_access/local_only = TRUE(In reply to comment #0)
> We've added these preferences in bug #156242 and #333752:
>   /desktop/gnome/remote_access/local_only
>     If true, the server will only accept connections from
>     localhost and network connections will be rejected.

Why rejected ? It should only listen on localhost.

But instead, what about providing a option to configure on which interface to listen. Like :

"Specifies the TCP/IP address(es) on which the server is to listen for connections from client. The value takes the form of a comma-separated list of host names and/or numeric IP addresses. The special entry *  corresponds to all available IP interfaces."
Comment 10 Phil Bordelon 2007-04-26 01:11:55 UTC
I feel that both of these options should be exposed to the user.

Text like 'Only allow local users to access the desktop' makes sense to me for the local_only option.
Comment 11 Wouter Bolsterlee (uws) 2007-04-26 07:43:12 UTC
Perhaps a "Advanced access control settings" subdialog? ;-)
Comment 12 gaten 2007-05-17 02:09:38 UTC
I fully believe that these options should be available in an "advanced" dialog, or it should at LEAST be documented in the help file for remote desktop.

This whole minimal options idea is a bad one and needs to be curtailed, IMHO. Why are we against more choices?
Comment 13 Matthew Paul Thomas (mpt) 2007-05-18 10:04:17 UTC
A checkbox should be used only if the meanings of both the on and off states are obvious from the label. But that's probably not possible here. ("Restrict to users on this computer only" wouldn't explain *either* state. If someone is accessing your desktop, that person is a "user" who's "on this computer", so that's begging the question. And "on this computer only" seemingly prohibits people from using other computers at the same time!)

In such situations, radio buttons are usually better:

    Allow access to your desktop for:
    (*) No-one
    ( ) Anyone who can log in to this computer
    ( ) Anyone

    People with access can:
    (*) View your desktop
    ( ) View and take control

More extensive redesign available on request. ;-)
Comment 14 Jonh Wendell 2007-11-11 01:55:25 UTC
OK, let's give it a try.

I've commited this UI change:
Comment 15 James G. Sack 2008-02-01 04:43:37 UTC
I'm probably an oddball here, but I'm not sure I like the idea of gnome managing network services at all. I like vino ok, but think it should be managed like traditional services (start-stop scripts and a text-based configuration file).

Comment 16 Ryan Westafer 2009-11-10 07:03:43 UTC
I'm surprised this feature is not included (as it is in most other VNC variants), but I can see why one might hide it from the masses.  Still, I think there should be more documentation online or somewhere saying how to use gconftool to change the port... I wasted 15 minutes trying to figure out something I can do easily with RealVNC...